SQLAuthTypes

Name

SQLAuthTypes -- Specify the allowed authentication types and their check order

Synopsis

SQLAuthTypes [OpenSSL] [Crypt] [Backend] [Plaintext] [Empty]

Default

none

Context

server config, ,

Module

mod_sql

Compatibility

1.2.0 and later

Description

This directive deprecates 'SQLEmptyPasswords', 'SQLScrambledPasswords', 'SQLSSLHashedPasswords', 'SQLPlaintextPasswords', and 'SQLEncryptedPasswords'.

The SQLAuthTypes directive specifies which authentication methods are allowed, and the order in which they are tried. You must specify at least one authentication method.

The currently supported authentication methods are:

  • Backend

    Allows database-specific backend passwords. Not all backend databases support this option. For example, MySQL databases use this option to authenticate MySQL 'PASSWORD()' encrypted passwords. The Postgres backend, however, does nothing. Caveat: if your MySQL activity log is world-readable, the user password will be visible. You have been warned.

  • Crypt

    Allows passwords in the database to be of Unix crypt(3) form.

  • Empty

    Allows empty passwords in the database, which match against any password the user may give. The database field must be a truly empty string; NULL values are not acceptable as empty passwords. Be very careful if using this authentication method.

  • OpenSSL

    Allows passwords in the database to be of the form '{digest-name}hashed-value', where hashed-value is the base64-encoded digest of the password. Only available if you define HAVE_OPENSSL when you compile proftpd and you link with OpenSSL's libcrypto library.

  • Plaintext

    Allows passwords in the database to be in plaintext.

See also

Examples

SQLAuthTypes Crypt Empty

configures mod_sql to first attempt to verify the password using the Unix crypt(3) function, then, if that fails, determine if the password in the database is empty (thus matching any given password). If all of the configured authentication methods fail, mod_sql will fail to authenticate the user.
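
The check order, the '{digest-name}hashed-value' form and the Empty method described above, modeled in Python as an added example (this is not mod_sql's own code). All function names and the sample rows are constructed for illustration; Crypt and Backend are left out, and the digest name is assumed to be one that Python's hashlib accepts.

```python
import base64
import hashlib
import hmac
import secrets

def check_openssl(stored, given):
    # Stored form: {digest-name}base64(digest(password))
    if not stored or not stored.startswith("{") or "}" not in stored:
        return False
    name, _, b64 = stored[1:].partition("}")
    try:
        expected = base64.b64decode(b64, validate=True)
        actual = hashlib.new(name, given.encode()).digest()
    except (ValueError, TypeError):  # bad base64 or unusable digest name
        return False
    return hmac.compare_digest(expected, actual)

def check_plaintext(stored, given):
    return stored is not None and hmac.compare_digest(stored.encode(), given.encode())

def check_empty(stored, given):
    # Accepts ANY supplied password, but only for a truly empty string (not NULL).
    return stored == ""

CHECKS = {"OpenSSL": check_openssl, "Plaintext": check_plaintext, "Empty": check_empty}

def authenticate(auth_types, stored, given):
    """Try each configured method in order; return the first that accepts, else None."""
    for name in auth_types:
        if CHECKS[name](stored, given):
            return name
    return None

def make_openssl(digest, password):
    """Build a stored value in the '{digest-name}hashed-value' form."""
    raw = hashlib.new(digest, password.encode()).digest()
    return "{%s}%s" % (digest, base64.b64encode(raw).decode())

def accounts_open_to_any_password(auth_types, rows):
    """Audit helper: users whose row is accepted by Empty for a random probe password."""
    probe = secrets.token_hex(16)
    return [user for user, stored in rows if authenticate(auth_types, stored, probe) == "Empty"]

# Constructed sample rows: (userid, stored password column); None models SQL NULL.
ROWS = [("alice", make_openssl("sha256", "correct horse")), ("bob", ""), ("carol", None)]

if __name__ == "__main__":
    print(accounts_open_to_any_password(["OpenSSL", "Empty"], ROWS))
```

Running the audit helper against a dump of the user table before adding Empty to SQLAuthTypes shows which accounts would start accepting any password.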
